In brief: Approximately 29,500 German companies must demonstrably strengthen their IT security by October 2024 in accordance with the NIS2 Directive.
The NIS2 law obligates some 29,500 companies in Germany to implement stricter IT security measures. The implementation deadline runs until October 2024.
The NIS2 Directive (Network and Information Security) affects approximately 29,500 companies in Germany that are classified as operators of essential entities or critical infrastructure. This includes companies in the sectors of energy, transport, water, healthcare, digital infrastructure and public administration, as well as providers of digital services such as cloud and hosting.
For CISOs, this means that comprehensive evidence of compliance is required. The new regulation sets higher standards for incident reporting, cybersecurity management and the obligation to report security incidents to authorities within 72 hours. Companies must document their risk analyses and demonstrate technical and organizational measures.
Implementation requires reviewing existing IT security architectures, adapting policies and training employees. CISOs should already create an audit plan now to identify compliance gaps and initiate remediation measures.
Source: news.google.com · Published June 17, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.